Microsoft’s July 2025 Patch Tuesday includes updates for 137 vulnerabilities, among them one publicly disclosed zero-day. Fourteen flaws are classified as critical, with the majority involving remote code execution, while others relate to information disclosure and hardware-level side channel attacks affecting AMD processors.
Breakdown of Vulnerabilities
This month’s update includes:
- 53 Elevation of Privilege vulnerabilities
- 41 Remote Code Execution vulnerabilities
- 18 Information Disclosure vulnerabilities
- 8 Security Feature Bypass vulnerabilities
- 6 Denial of Service vulnerabilities
- 4 Spoofing vulnerabilities
These totals do not include the four Mariner and three Microsoft Edge vulnerabilities addressed earlier in the month. Non-security updates include patches for Windows 11 and Windows 10, though individual KB numbers were not listed in Microsoft’s summary release.
Zero-Day Vulnerabilities
One publicly disclosed zero-day is addressed in this month’s update.
CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability
Affects: Microsoft SQL Server
This flaw allows a remote, unauthenticated attacker to access data from uninitialized memory due to improper input validation. It can be exploited over a network without prior authentication. Administrators are advised to install the latest version of Microsoft SQL Server and update the Microsoft OLE DB Driver (version 18 or 19).
Microsoft has not shared details on how the disclosure occurred, but no active exploitation has been reported.
Other Critical Vulnerabilities
Microsoft addressed several critical remote code execution vulnerabilities this month, including:
- CVE-2025-49704, a remote code execution vulnerability in Microsoft SharePoint, which can be exploited remotely by authenticated users over the internet.
- Multiple Microsoft Office RCEs that can be triggered by opening a crafted document or viewing it in the preview pane.
Security updates for Microsoft Office LTSC for Mac 2021 and 2024 were not available at the time of release but are expected soon.
AMD and Other Vendor Updates
Security updates from other major vendors include:
- AMD: Disclosed new transient execution side channel vulnerabilities based on Microsoft’s research into microarchitectural leakage boundaries.
- Cisco: Released patches for various issues, including one involving hardcoded SSH root credentials in Unified Communications Manager (Unified CM).
- Fortinet: Issued updates for FortiOS, FortiManager, FortiSandbox, FortiIsolator, and FortiProxy.
- Google: Released a fix for an actively exploited Chrome zero-day (CVE-2025-6554). No Android patches were issued in the July 2025 bulletin.
- Grafana: Addressed four Chromium-related vulnerabilities affecting the Image Renderer plugin and Synthetic Monitoring Agent.
- Ivanti: Delivered updates for Ivanti Connect Secure, Policy Secure, EPMM, and EPM. None of the issues were reported as exploited.
- SAP: Released fixes for several products and reclassified CVE-2025-30012 in SAP Supplier Relationship Management as a critical flaw, now rated 10.0.
Recommendations for Users and Administrators
Organizations should prioritize patching Microsoft SQL Server, Office, and SharePoint deployments, especially those accessible from external networks. While the SQL Server flaw is not known to be exploited, its public disclosure increases the risk of future exploitation. Systems with outdated OLE DB drivers should be updated alongside SQL Server patches.
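To put the SQL Server advice into practice, the following PowerShell inventory script is an added example (not code from the original post or from Netizen) that lists the installed SQL Server instances with their patch level and every installed Microsoft OLE DB Driver for SQL Server, flagging driver majors below 18. It assumes the standard SQL Server setup registry layout; the DisplayName wildcard and the "below 18 means replace" rule are this example's own assumptions, and 18/19 builds still have to be compared with Microsoft's release notes by hand.

```powershell
# Added example: inventory SQL Server instances and OLE DB Driver installs so the
# SQL Server patch and the OLE DB Driver 18/19 update can be tracked together.
# Run on the database host in an elevated PowerShell session.

function Get-SqlServerPatchInventory {
    $sqlRoot  = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
    $metaKeys = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $instances = @()

    # "Instance Names\SQL" maps each instance name to its instance ID (standard layout)
    $names = Get-ItemProperty -Path "$sqlRoot\Instance Names\SQL" -ErrorAction SilentlyContinue
    if ($names) {
        foreach ($p in $names.PSObject.Properties) {
            if ($p.Name -in $metaKeys) { continue }   # skip provider metadata, keep real instances
            $setup = Get-ItemProperty -Path "$sqlRoot\$($p.Value)\Setup" -ErrorAction SilentlyContinue
            $instances += [pscustomobject]@{
                Instance   = $p.Name
                Edition    = $setup.Edition
                PatchLevel = $setup.PatchLevel         # build after cumulative updates / GDRs
            }
        }
    }

    # OLE DB Driver entries from Programs and Features (64-bit and 32-bit hives).
    # The DisplayName wildcard is an assumption of this example.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $drivers = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*OLE DB Driver*SQL Server*' } |
        Select-Object DisplayName, DisplayVersion

    [pscustomobject]@{ Instances = $instances; OleDbDrivers = @($drivers) }
}

$inv = Get-SqlServerPatchInventory

"SQL Server instances:"
$inv.Instances | Format-Table -AutoSize

"OLE DB Driver for SQL Server installs:"
foreach ($d in $inv.OleDbDrivers) {
    if (-not $d.DisplayVersion) { continue }
    $major = [int](($d.DisplayVersion -split '\.')[0])
    # Assumption: only the 18 and 19 lines receive the update the advisory refers to
    $state = if ($major -lt 18) { 'REPLACE: older than driver 18' }
             else { 'check build against latest 18/19 release' }
    '{0} {1}: {2}' -f $d.DisplayName, $d.DisplayVersion, $state
}
if ($inv.OleDbDrivers.Count -eq 0) { 'No OLE DB Driver for SQL Server entries found.' }
```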
Security teams should also review AMD’s disclosure on transient scheduler attacks, as well as vendor patches from Cisco, Google, and SAP addressing high-severity and actively exploited vulnerabilities.
How Can Netizen Help?
Netizen ensures that security gets built in, not bolted on, by providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
